Thursday, 18 February 2010

Westminster Legal Policy Forum

Westminster Legal Policy Forum
Surveillance: use, effectiveness and enforcing data protection
Wednesday 17th February

I was at this event yesterday.
Transcript of all sessions released in a week. So this is preliminary notes and thoughts, so excuse the slightly scrappy nature in places.

Philip Virgo – EURIM – Chair
Only a 1/3 of population care about privacy (but they do care)
Simple policy area if understand that technology doesn’t work, nobody reads policy, most will accept defaults, and that nobody is telling the truth even if they knew what it was.

Francis Aldhouse – [ICO has largely accepted the Lyon definition of surveillance, which is a sign of a fair bit of academic impact. In terms of purposes this covers pretty much any deliberate purpose for information gathering.
Fairly standard account of what the surveillance society is.]
Technology plays a facilitating role, and allows changes of scale to the extent that they become changes in kind. Technology is new, but the social psychology is probably not.
Desire to generate trust, by knowing something about our neighbours
Behavioural targeting in advertising is equivalent of 1990’s one-to-one advertising.
Not a wicked conspiracy
Intention is to improve the life of community (law enforcement, anti-terror)
Problem is public sector – ‘risk paranoia’ which has become ‘today’s normality’ (quoting McNulty) – encouraged to approach government through risk, but this confused with likelyhood. We should asses our response to risks, and be proportionate.
Bads – inherent invasion of privacy, reduction of autonomy (control of self) of individual, chilling effect and reduction of trust, presumption of guilt, social fatalism, and threat to constitutional order (based on executive self restraint).

Charles Raab – 5 minute provocation.
1) To what extent are surveillance methods assisting with prevention of crime? – we don’t know, and we don’t agree on how to find out. There are studies, but assessment methods rarely comparable or consistent. Questions about samples and statistics, uncertaintly and arguments about interpretation (there are no disinterested parties). There is a lack of counter-factual examples, and it is difficult to isolate effects of particular technologies. Not easy to vouch for the independence of studies, sponsors have states, biased questions and self-serving.
[making an implicit argument for an academic role in this space]
Too often a mixture of myth and salesmanship
No ready answers on how to change evidence base. Question - what is a success in the prevention of crime? Should we settle for something pretty good, if it preserves other values we care about?
2) Issue of individual privacy verses public security in balance (and language of balancing), places the citizen versus the state. To easy to fall into balancing and reconcilitation of interests in this manner does say what the process of balancing is, how it is calculated, who pronounces the balance, who shifts from a previous balance, what happens in a disagreement (which is bound to happen). Highly political and full of conflict. Concern that nobody is working on/talking about this. No coherent answer to have practitioners arrive at this, and what the institutional and constitutional framework of this should be.
[this is a great question that should always be asked in ‘balancing debates’]

Nick Gargan – National Policing Improvement Agency, but speaking as ACPO lead on Intelligence. ‘Surveillance society’ is played out as an alarming narrative, and a gift to the media, and the government needs to rebut and correct much of this for clarity. Need numbers, because the commonly quoted ones are wrong. E.g. CCTV from two streets. Made an attack on academic work on surveillance as poorly researched, frivolous and alarmist.
[however, in quoting a more accurate figure of CCTV he only included local authority CCTV systems, which is quite disingenuous).
ACPO favours a consistent narraritve that sees the joins between technology (rather than the home office approach which looks at a technology-by-technology basis) and develop and evidence base. Police should be responsive, rather than determining policy. Up to community to decide if they want the police to follow footsteps online. Police service should provide dispassionate analysis of risk.

Isabella Sankey (Liberty) – not ‘for liberty, against security’ and recognise that they’re often hand in hand. [does this sublimate liberty to its propaganda value to security?] criticism directed at non-purpose databases (NIR). Two factors – war on terror and explosion of technological capacity. An unprecedented focus on security, and nothing to hide, nothing to fear
Privacy is valued culturally, but with little legal protection. There is an inherent link between privacy and human dignity. Human rights meaningless without autonomy, link with freedom of expression and non-discrimination. Surveillance is the issue over which the public most contact Liberty’s. Data loss scandals bring home the risks.
DNA database, S & Marper case
Need for regulation of CCTV
Practical and principled case for proportionate response.

Peter Mahy (Howells Solicitors)
Represented S & Marper
In 2008, the UK found to have overstepped its legal oblications on the retention of the DNA of non-convicted individuals on the national DNA database, that this is not necessary in a democratic society. The Government has apparently not so far complied with the judgement.
Doesn’t trust government to safeguard this info, they have an appalling record, and are considering sharing this information beyond the UK.
People want to be respected by the state, trusted as individuals. 1 million or so innocent people on database – imagine the resentment. Argued there was a perception of collection as secretive, covert, unjust (and arbitrary) – policing by coercion rather than policing by consent. In medical field, retention without consent abhorrent, why not in policing).

Dominic Connor – P&D Quantitative Recruitment.
Argued that data protection guidelines too low a standard, but that couldn’t/wouldn’t delete information at request of individuals. Argued not physically possible {which prompts the question of why the system was/could be designed in that way). People still believe they are hard to find, surprised when not. Critiqued Gargan’s 60,000 CCTV figure by pointing out importance of CCTV that police have access to. Public opinion the big driver to good info practices in private sector [but missed out the fact that abuses have to be revealed for this to work this way]. A government can do insane things without loosing votes.

Virgo asked about RIPA – investigative powers and processes
Gargan – positive, most useful when invention actions planned, and seen by senior people, and fairly visible.
Sankey – judicial authorisation rather than home secretary for interception warrarnts, RIPA should be re-evaluated, who has access, to which powers, and with what safeguards.

Caspar Bowden got into an argument with Dominic Connor, and said Gargan’s point about not lobbying was disingenuous given that ACPO and the NPIA had been lobbying ministers. Gargan responded that perhaps in the past, the relationship had been too close.

David Blackwell – Detica – asked Sankey if collection of data was troubling, or the potential misuse of the data. Sankey’s concern was about what was collected and how, collection without clear purpose (just in case) and that context was important for justice.

David McNesh (university of leeds) said he was working on new balancing ideas (Raab’s response was that he was calling for more awareness on the part of those who asses balance and how this is argued). He also asked what frameworks of ethics panellists used to determine just use from abuse.
Gargan – individual inspectors training, control against internal culture, exposure to external thinking, oversight and insight. Appling the will of parliament in a sensible way.
Connor – wondered if firms should actively assist the police above and beyond being presented with a warrent for information, and at what level of suspected criminality should this occur.
Mahey – different forces have different approaches, and is suspicious about ‘inspector judgement’ – UK courts have got it wrong (EU says so) so not good enough to leave judgement.
Francis – courts do not balance – they decide who has won. It is not a question of personal ethics, but appropriate social rules and depends upon social, legal, political contexts of decisions.

James Backhouse – LSE
Information risks faced by citizens in rise of digitial state are increasing, and responsibility for these risks is being moved onto citizens.
Joining up across state to an integrated identity profile
Citizens cannot change provides if unhappy with services
Personal data and identity at the heart of the digital state.
Assumption, if data there, why not use it?
FIDIS study – 2007 survey
Systems and technology, incompetence, public info managmenet failures, internal failures (oversharing) control, accuracy, transparency, risk of overpowering state.
Used international examples of E-ID cards
Information security has become information assurance (from safe, to ‘we’ve done our best’)
New individual responsibility (spelled out by get safe online)
But citizens have little control
Can’t make informed decisions about risk, set limits, choose options/exposure to address risk.
Not possibly to address identity without authentication + security – especially in the digital age.

Jonathan Bamford – information commissioner’s office.
Power of information technology much more than when early data protection
Risks to individuals, vulnerable, info used in unwarranted ways
Surveillance beyond simple abuses - personal information, and dataveillance
Footprints build up to details, intrusive piscture of how live our lives.
Most of state data about normal everyday people
Tech advance allows more profiles than ever thought possible when legislation developed (when he was a ‘boy data-protector’).
This will get bigger, quicker and linked.
Most of ICO complaints not about surveillance, but use of personal information
Now, more hardwiring of surveillance into society – eg. Licensing conditions, authorities given powers and overstep them.
Can’t be ludditie, IT revolutionises and can provide better services, better safety.
Risks – hidden, unacceptable, detrimental, mistakes, discrimination (social sorting, exclusion), suspiscion and greater intrusion.
Is Data protection still relevant
Talked about ICO’s annual tracking research
People expect safeguards to be built in by those building the system, as in cars with airbags, brakes. People are ok with use of data, but believe there is/should be a guardian angel to look after them.

1 comment:

  1. Thanks David for the info, sounds like an interesting day!